CVE-2008-0901
BEA WebLogic Server and Express versions 7.0–10.0 are affected by a vulnerability that allows remote attackers to perform brute-force password guessing even when account lockout is enabled. The issue involves crafted URLs that reveal whether a guessed password is correct, enabling iterative guess...